Privacy Policy

Last Updated: May 7, 2026

This Privacy Policy explains how Floyd ("Floyd," "we," "us," or "our") collects, uses, and shares information when you use our AI receptionist service, website, and SMS communications (collectively, the "Services").

1. Information We Collect

A. Information You Provide

  • Account information: Your name, phone number, business name, and trade type.
  • Business details: Information you provide to customize your AI receptionist (business name, service type).

B. Information from Phone Calls

When Floyd answers calls on your behalf, we may collect:

  • Call data: Caller phone number, call duration, date and time.
  • Call recordings and transcripts: Audio recordings and text transcriptions of calls handled by Floyd.
  • Lead information: Caller name, phone number, address, and service request details as provided by the caller.

C. SMS Communications

  • Inbound messages: SMS messages you send to Floyd to set up, manage, and use your account.
  • Outbound messages: SMS messages Floyd sends you, including onboarding and setup messages, lead notifications and call summaries, billing and trial reminders, product nudges (for example, call-forwarding setup reminders), and replies to your messages. Message frequency varies. Reply STOP to opt out at any time. Reply HELP for help.

D. Information Collected Automatically

  • Website data: IP address, approximate location derived from IP, browser type, language, referring URL, pages viewed, time on page, and device information when you visit our website.
  • Usage data: How you interact with the Services (calls answered, SMS sent and received, features used).
  • Cookies and tracking technologies: We use the following categories. You can disable cookies in your browser; doing so may break parts of the website but will not affect Floyd's call-handling on your account.
    • Strictly necessary cookies: Used for site functionality, security, and load balancing.
    • Analytics: We use Google Tag Manager ("GTM") to load measurement and analytics tags. GTM itself sets cookies for tag management. The actual tags loaded through GTM may set additional cookies.
    • Advertising and conversion tracking: We use the Meta (Facebook) Pixel and the Meta Conversions API to measure ad performance and attribute signups originating from Meta-served ads. The Pixel sets the _fbp and _fbc cookies. We send hashed event data (including signup events) to Meta for attribution. We do not authorize Meta to use this data for purposes other than measurement and conversion attribution on our behalf, but Meta processes data under its own terms. To opt out of Meta interest-based advertising, see Meta's settings at https://www.facebook.com/settings?tab=ads.
    • Do Not Track: Most browsers offer a "Do Not Track" signal. Because there is no industry-standard interpretation of this signal, our website does not currently respond differently when DNT is enabled. We will update this policy if that changes.

2. How We Use Information

We use information to:

  1. Provide the Services: answer calls, capture leads, send you SMS summaries.
  2. Improve the Services: analyze aggregate, de-identified call patterns and usage to improve Floyd's product. We do not train AI foundation models on customer data; see Section 6 for details.
  3. Communicate with you: send account updates, lead notifications, and respond to your messages.
  4. Process billing: manage your subscription and usage.
  5. Ensure security: detect and prevent fraud, abuse, and technical issues.
  6. Comply with law: meet legal obligations and enforce our Terms.

3. How We Share Information

We do not sell personal information, and we do not share personal information with third parties for cross-context behavioral advertising in exchange for monetary or other valuable consideration. The Meta Pixel described in Section 1.D is used for conversion measurement and attribution of our own ad campaigns, not for selling personal information to advertisers.

We may share information with the following categories of recipients:

  1. Service providers and subprocessors that help us operate the Services. As of the Last Updated date above, our subprocessors are:
    • Twilio, Inc. — telephony, SMS messaging, A2P 10DLC registration, phone number provisioning. (https://www.twilio.com/legal/privacy)
    • Retell AI, Inc. — voice AI agent that answers calls on your behalf, including audio capture and transcription. (https://retellai.com)
    • OpenAI, L.L.C. — large language model API used to power Floyd's SMS conversation agent and lead summarization. By default, OpenAI does not use API inputs or outputs to train OpenAI's models. (https://openai.com/policies/privacy-policy)
    • Stripe, Inc. — payment processing, subscription billing, customer billing portal, invoicing. (https://stripe.com/privacy)
    • Render, Inc. — application hosting, background workers, and database infrastructure. (https://render.com/privacy)
    • Cloudflare, Inc. — bot mitigation and Turnstile challenge on the signup form. (https://www.cloudflare.com/privacypolicy/)
    • ElevenLabs, Inc. — text-to-speech generation for our website's voice preview (does not process customer call data). (https://elevenlabs.io/privacy)
    • Meta Platforms, Inc. — ad measurement and conversion attribution via the Meta Pixel and Meta Conversions API (see Section 1.D). (https://www.facebook.com/privacy/policy)
    • Google LLC — Google Tag Manager for tag delivery (see Section 1.D). (https://policies.google.com/privacy)
  2. You (the business owner): We send you lead information captured from calls via SMS to your registered phone number.
  3. Legal and safety: We may disclose information to comply with law, respond to legal process (subpoenas, warrants, court orders), enforce our Terms of Service, or protect the rights, property, or safety of Floyd, our customers, callers, or the public.
  4. Business transfers: If Floyd is involved in a merger, acquisition, sale of assets, financing, or bankruptcy, information may be transferred as part of that transaction. We will provide notice (and, where required, choices) before personal information becomes subject to a different privacy policy.

We update this list when we add or remove a material subprocessor.

4. Call Recording

Floyd may record and transcribe phone calls to provide lead summaries and call history. By using the Services, you acknowledge that calls answered by Floyd on your behalf may be recorded. You are responsible for ensuring compliance with applicable call recording laws in your jurisdiction, including any required disclosures to callers.

5. HIPAA and Protected Health Information

Floyd is not a HIPAA Business Associate. Floyd does not offer or sign Business Associate Agreements ("BAAs"), and the Services are not designed, configured, audited, or operated to receive, process, store, or transmit Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act ("HIPAA") and its implementing regulations.

The Services are intended for service businesses (trades, cleaning, auto detailing, lawn care, and similar field-service operators). You may not use the Services on behalf of any HIPAA Covered Entity or Business Associate, including healthcare providers (doctors, dentists, mental health professionals, physical therapists), medical, dental, or surgical practices, hospitals, urgent care centers, pharmacies, diagnostic laboratories, imaging centers, health plans, or any organization that creates, receives, maintains, or transmits PHI. See Section 2.2 of our Terms of Service for the full list of Prohibited Industries.

If we identify your account as belonging to a HIPAA-Regulated Entity, we will suspend or terminate the account and delete associated call recordings and transcripts in accordance with our deletion practices.

If a caller has inadvertently shared health information with Floyd while calling your business, contact us at hey@floyd.app and we will delete the affected recordings and transcripts.

6. AI and Machine Learning

Floyd uses third-party AI services to power its SMS conversation agent (text understanding and lead summarization), the voice receptionist (real-time speech understanding and synthesis), and related features. Specifically:

  • OpenAI processes the text of your SMS conversations and lead-summary tasks. Per OpenAI's API policy, OpenAI does not use API inputs or outputs to train OpenAI's models by default.
  • Retell AI processes call audio in real time to operate the voice receptionist and to produce call transcripts. Retell processes this data under its own privacy practices and data retention policies, which we encourage you to review at https://retellai.com.
  • ElevenLabs processes text we send for the voice preview feature on our website. This does not include customer call data.

Floyd does not train its own AI foundation models on your account data, your call recordings, your call transcripts, or your SMS messages. We use aggregate, de-identified usage statistics (for example, weekly call counts and feature usage rates) to improve the product. We may also review specific call transcripts or SMS conversations on a case-by-case basis when responding to a support request, investigating abuse, or debugging a technical issue, in each case under access controls limited to authorized personnel.

If you do not want a particular call recording or transcript retained, contact us at hey@floyd.app and we will delete it.

7. Data Retention

We retain different categories of data for different periods, balanced against operational, security, and legal needs:

  • Account information (your name, business name, phone number, trade type, knowledge entries): retained while your account is active and for up to 180 days after account termination, after which it is deleted or anonymized. Billing records and tax-relevant records are retained for up to 7 years as required by U.S. tax and accounting law.
  • Call recordings: retained for up to 12 months while your account is active, then deleted on a rolling basis. Recordings associated with terminated accounts are deleted within 30 days of termination, except where retention is required by law or to resolve a pending dispute.
  • Call transcripts and lead summaries: retained for up to 24 months while your account is active, then deleted. Lead summaries delivered to you by SMS may also remain in the SMS conversation history under the same retention as SMS messages below.
  • SMS messages (between you and Floyd): retained for up to 24 months while your account is active, then deleted on a rolling basis. SMS associated with terminated accounts is deleted within 60 days of termination.
  • Website logs and security logs: retained for up to 90 days, then deleted.
  • Cookie data and ad attribution events (Section 1.D): retained per the cookie's expiration set by the issuing service (Meta and Google control the lifetimes of their respective cookies).

You may request earlier deletion at any time by emailing hey@floyd.app, subject to legal retention obligations we cannot waive (for example, billing records).

8. Your Rights

8.A General Rights (All Users)

Depending on your location, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Delete your personal information (subject to legal retention obligations described in Section 7).
  • Port your personal information to another service.
  • Object to or restrict certain processing.

To exercise any of these rights, email hey@floyd.app from the address associated with your account, or text Floyd from your registered phone number. We will verify your identity through your phone number on file and will respond within 30 days (we may extend by an additional 60 days if the request is complex, in which case we will let you know).

We will not discriminate against you for exercising your privacy rights.

8.B California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"):

  • Right to Know: You may request that we disclose the categories of personal information we have collected about you, the categories of sources, the business or commercial purpose for collecting it, the categories of third parties to whom we disclose it, and the specific pieces of personal information we have collected about you.
  • Right to Delete: You may request that we delete personal information we have collected from you, subject to exceptions (for example, completing a transaction, complying with a legal obligation, or detecting security incidents).
  • Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
  • Right to Opt Out of Sale or Sharing: We do not sell personal information, and we do not share personal information for cross-context behavioral advertising in exchange for monetary or other valuable consideration. We do use the Meta Pixel for measurement and attribution of our own ads (see Section 1.D); to the extent any California regulator views this as "sharing" under CPRA, you may opt out by reaching out as described below, and we will configure the Pixel to exclude your sessions to the extent technically feasible.
  • Right to Limit Use of Sensitive Personal Information: Floyd does not collect "sensitive personal information" for purposes of inferring characteristics. Use of any sensitive personal information that is incidentally collected (for example, if a caller volunteers it) is limited to providing the Services.
  • Right to Non-Discrimination: We will not deny services, charge different prices, or provide a different level of quality because you exercised your privacy rights.

Categories of personal information collected (last 12 months): identifiers (name, phone number, IP address); commercial information (subscription and billing records); internet or other electronic network activity (browsing on our website, SMS interactions); audio information (call recordings and transcripts handled on your behalf); inferences (call patterns and usage). Categories of sources: you, your callers, your devices, our cookies and tracking technologies, our subprocessors. Business purposes: providing the Services, security, billing, customer support, product improvement, advertising attribution. Categories of third parties to whom we disclose: the subprocessors listed in Section 3, and law enforcement when legally required.

To exercise any CCPA right, email hey@floyd.app with the subject line "California Privacy Request" or text Floyd from your registered number. We will verify your identity using your phone number and email on file. You may also use an authorized agent to make a request on your behalf; the agent must provide written authorization, and we may still verify your identity directly.

Metrics disclosure (annual): Because Floyd is a small operation, we currently do not receive enough verified consumer requests to publish a meaningful annual metrics report. We will publish one if and when our request volume or California revenue thresholds require it under CCPA.

8.C Other U.S. State Residents

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, and other states with similar laws) have rights substantially similar to those in Section 8.A and may exercise them through the same channels. We do not engage in profiling that produces legal or similarly significant effects.

8.D EU/EEA, UK, and Swiss Residents

If you reside in the European Economic Area, the United Kingdom, or Switzerland and our processing falls within the scope of the GDPR or UK/Swiss equivalents, you have rights of access, rectification, erasure, restriction, portability, and objection. The legal bases on which we rely are: contract (to provide the Services to you), legitimate interests (security, fraud prevention, product improvement), and consent (where required, for example for non-essential cookies). Floyd is established in the United States; if you have a complaint, you may contact us at hey@floyd.app or your local data protection authority.

9. Caller Privacy

Floyd collects information from callers (name, phone number, service request) on your behalf. You are the business receiving this information and are responsible for:

  • How you use and store caller information.
  • Providing any required privacy notices to your customers.
  • Complying with applicable privacy laws regarding caller data.

10. Security

We use reasonable administrative, technical, and organizational safeguards to protect information. However, no system is 100% secure. We encourage you to protect your phone and SMS communications.

11. Children's Privacy

The Services are intended for businesses and are not directed to children under 13. We do not knowingly collect information from children.

12. International Data Transfers

We may process and store information in the United States. If you are located outside the United States, your information may be transferred to and processed in the United States.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last Updated" date and may notify you of material changes via SMS or email.

14. Contact

For questions about this Privacy Policy or to exercise your rights, please contact hey@floyd.app.

For postal mail, contact us through Floyd LLC's registered agent in the State of Delaware (registered agent information is available through the Delaware Division of Corporations).

Floyd

Community

Trades

Legal

© 2026, Floyd LLC